Seraphic Algorithms Ltd., a maker of security software for browsers, today announced that a $29 million early-stage funding round led by GreatPoint Ventures LLC.

Also participating were CrowdStrike Inc.’s Falcon Fund and existing investors Planven Investments SA, Cota Capital Management LLC and Storm Ventures LLC. The company, which does business as Seraphic Security, said it will use the Series A funds to accelerate product development and market expansion in North America and the Europe/Middle East/Africa region.

Seraphic injects an abstraction layer between executing code and a browser’s JavaScript engine that protects against zero-day or unpatched n-day browser exploits to can guard against such common exploits as preventing phishing attacks, overly permissive and malicious extensions, and data exfiltration.

The company said its technology addresses security gaps created by the widespread use of software-as-a-service applications, which are typically accessed through web browsers. Browsers execute external code and interact with untrusted sources, making them a major security risk.

Seraphic said it addresses the limitations of traditional browser security technology such as local and remote browser isolation and extensions. The former affects the user experience and doesn’t fully protect user identities, while the latter lacks deep visibility given browser application program interface limitations.

Seraphic’s approach uses a JavaScript-based browser agent that integrates with existing browsers and applies Moving Target Defense, a strategy that dynamically changes system components to make it costlier and more complex for attackers to exploit vulnerabilities.

The software layer works independently of threat intelligence feeds, making it effective against zero-day threats and HTML smuggling attacks, the company said. It doesn’t impact the user experience while offering real-time detection and protection that identifies risky login pages dynamically and renders them in read-only mode. The software also encrypts session cookies to prevent theft and prevents credential-stuffing by monitoring password reuse.

Administrators get granular control over user actions such as block printing and screen captures, dynamic data masking to hide sensitive information and browser session watermarking for traceability in case of leaks.

Seraphic said it supplements existing security service edge deployments with features such as integrated zero-trust network access principles to support identity-verified access from managed or unmanaged devices.

“With the rise of SaaS applications and a hybrid workforce, browsers have become a critical attack surface for today’s adversaries,” CrowdStrike President Michael Sentonas said in a statement. “Seraphic Security’s unique yet simple approach solves a critical gap in enterprise browser security, which is why we invested in this innovative technology and team.”

Image: SiliconANGLE/Google Gemini